Doesn't work under Win2012R2 #22

Closed
mawouzo opened this issue Nov 11, 2016 · 8 comments
Comments

@mawouzo

mawouzo commented Nov 11, 2016

I did use this script for a long time under Win2008. But now, under Win2012, it does nothing. In debug mode it is waiting in a busy loop but no event is noticed.
It looks like the Select statement is no longer valid.

@EvanAnderson
Owner

I strongly suspect issue #14 is the culprit for you.

Windows Server 2012 R2 will log event 4625 when an RDP logon fails; however, it will not log an IP address. Without an IP address the event sink will simply return.

To verify the event sink is receiving events, add a "WScript.Echo" at line 325. You should see the event sink called each time an event 4625 happens.

@SgtOddball

I'm sure I read somewhere that there was a way to force DNS addresses to appear even though SSL was being enforced. I'll relook over the weekend and post my findings (I had the problem on an old server and managed to get it to work before but I can't remember how this was done offhand).

@adriencarbonne

@SgtOddball Did you find anything?

@dvolk

dvolk commented Dec 8, 2016

What did you see, SgtOddball???

@SgtOddball

Sorry I haven't had the chance to follow up on this, I've been up to my eyeballs in a new job which has taken me off managing servers. I might have time to look further over the Christmas break but it just depends on what I've got going on.

@ghost

ghost commented Jun 14, 2018

You can modify group policy "Remote Desktop Session Host \ Security \ Set client connection encryption level" to Client Compatible and modify "Remote Desktop Session Host \ Security \ Require use of specific security layer for remote (RDP) connections" to Security Layer RDP.

Force gpupdate on TS after applying group policy to computer OU.

This will allow ts_block to work.

mawouzo closed this as completed Jun 14, 2018
mawouzo reopened this Jun 14, 2018
@greatquux

This got fixed in Server 2016.

@EvanAnderson
Owner

As a clarification (in lieu of actually taking the time to update the documentation) of behavior and compatibility: Windows Server 2019, 2016, 2008 R2, 2008, 2003 R2, and 2003 all work fine with this code.

Windows Server 2012 and 2012 R2, when using the TLS/SSL security layer (which is the default), do not log the IP address of the client so there's no way for ts_block to take action. Verbose discussion at: #14
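
To check whether a given host is affected by the behaviour described in this thread, the following added example (not part of ts_block and not written by its author) summarises recent event 4625 records by whether a client IP address was logged. The function name `Get-FailedLogonIpCoverage` and the sample size are hypothetical; treating an empty value or `-` in the `IpAddress` field as "no address logged" is an assumption of this example.

```powershell
# Added diagnostic example, not part of ts_block. Run elevated on the RDP host.
# Reads recent failed-logon events (4625) and reports whether each one
# carries a client IP address that a blocking script could act on.
function Get-FailedLogonIpCoverage {
    param(
        [int]$MaxEvents = 200   # assumption: sample size, adjust as needed
    )

    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } `
                           -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    foreach ($evt in $events) {
        # Event 4625 stores its fields as <Data Name="..."> elements under EventData.
        $xml    = [xml]$evt.ToXml()
        $fields = @{}
        foreach ($d in $xml.Event.EventData.Data) {
            $fields[$d.Name] = $d.'#text'
        }

        $ip = $fields['IpAddress']
        [pscustomobject]@{
            TimeCreated = $evt.TimeCreated
            LogonType   = $fields['LogonType']
            TargetUser  = $fields['TargetUserName']
            IpAddress   = $ip
            # Assumption: an empty value or "-" means no address was logged.
            HasIp       = (-not [string]::IsNullOrWhiteSpace($ip)) -and ($ip -ne '-')
        }
    }
}

$rows = @(Get-FailedLogonIpCoverage)

# Breakdown by logon type and whether an address was present.
$rows | Group-Object LogonType, HasIp |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

$missing = @($rows | Where-Object { -not $_.HasIp }).Count
"{0} of {1} recent 4625 events carry no client IP address" -f $missing, $rows.Count
```

If most failed RDP logons show no address, the event sink has nothing to block on, which matches the Windows Server 2012 / 2012 R2 behaviour with the TLS/SSL security layer described above.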
